Environment
NetIQ AppManager 6.x
Situation
Security events are being generated by NetiQ client services in the Security Event Log.
NT Security Event Log Example:
Security Success Audit Privilege Use 578 PRDSPB\netiq SSZT003CTO "Privileged object operation: Object Server: SC Manager Object Handle: 4133821676 Process ID: 300 Primary User Name: SSZT003CTO$ Primary Domain: PRDSPB Primary Logon ID: (0x0,0x3E7) Client User Name: netiq Client Domain: PRDSPB Client Logon ID: (0x0,0x12F963E4) Privileges: SeTakeOwnershipPrivilege "
NT Security Event Log Example:
Security Success Audit Privilege Use 578 PRDSPB\netiq SSZT003CTO "Privileged object operation: Object Server: SC Manager Object Handle: 4133821676 Process ID: 300 Primary User Name: SSZT003CTO$ Primary Domain: PRDSPB Primary Logon ID: (0x0,0x3E7) Client User Name: netiq Client Domain: PRDSPB Client Logon ID: (0x0,0x12F963E4) Privileges: SeTakeOwnershipPrivilege "
Resolution
The events being generated are all success audits. This would be proper function. If you audit for success and failed audits, the user for the AppManager application will access system resources and post these types of messages.
Additional Information
Formerly known as NETIQKB6329